Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
2,994 questions
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
When deploying an arm template that creates a keyvault, consumption logic app and api connection (for keyvault), the result is the api connection getting an invalid connection error..
Anyone else have this issue?
Thanks
Got past the error but now getting 401 unauthenticated error.. Here's the updated arm
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"connections_keyvault_name": {
"defaultValue": "keyvault",
"type": "String"
},
"vaults_kv_john_test_name": {
"defaultValue": "kv-john-test-4",
"type": "String"
},
"workflows_la_john_test_name": {
"defaultValue": "la-john-test-4",
"type": "String"
},
"bearer_token": {
"defaultValue": "",
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.KeyVault/vaults",
"apiVersion": "2023-02-01",
"name": "[parameters('vaults_kv_john_test_name')]",
"location": "[resourceGroup().location]",
"properties": {
"sku": {
"family": "A",
"name": "Standard"
},
"tenantId": "[subscription().tenantId]",
"accessPolicies": [
{
"tenantId": "[subscription().tenantId]",
"objectId": "[reference(resourceId('Microsoft.Logic/workflows', parameters('workflows_la_john_test_name')), '2019-05-01', 'full').identity.principalId]",
"permissions": {
"certificates": [],
"keys": [],
"secrets": [
"get",
"list"
]
}
}
],
"enabledForDeployment": false,
"enabledForDiskEncryption": false,
"enabledForTemplateDeployment": true,
"enableSoftDelete": false,
"enableRbacAuthorization": false,
"vaultUri": "[concat('https://', parameters('vaults_kv_john_test_name'), '.vault.azure.net/')]",
"provisioningState": "Succeeded",
"publicNetworkAccess": "Enabled"
}
},
{
"type": "Microsoft.KeyVault/vaults/secrets",
"apiVersion": "2023-02-01",
"name": "[concat(parameters('vaults_kv_john_test_name'), '/canvas-token')]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.KeyVault/vaults', parameters('vaults_kv_john_test_name'))]"
],
"properties": {
"value": "[parameters('bearer_token')]"
}
},
{
"type": "Microsoft.Web/connections",
"apiVersion": "2016-06-01",
"name": "[parameters('connections_keyvault_name')]",
"location": "[resourceGroup().location]",
"kind": "V1",
"properties": {
"displayName": "canvasvault",
"parameterValueType": "Alternative",
"alternativeParameterValues": {
"vaultName": "[parameters('connections_keyvault_name')]"
},
"connectionState": "Enabled",
"api": {
"name": "[parameters('connections_keyvault_name')]",
"displayName": "Azure Key Vault",
"description": "Azure Key Vault is a service to securely store and access secrets.",
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/', parameters('connections_keyvault_name'))]",
"type": "Microsoft.Web/locations/managedApis"
},
"parameterValues": {},
"testLinks": []
}
},
{
"type": "Microsoft.Logic/workflows",
"apiVersion": "2017-07-01",
"name": "[parameters('workflows_la_john_test_name')]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Web/connections', parameters('connections_keyvault_name'))]"
],
"identity": {
"type": "SystemAssigned"
},
"properties": {
"state": "Enabled",
"definition": {
"$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"$connections": {
"defaultValue": {},
"type": "Object"
}
},
"triggers": {
"Recurrence": {
"recurrence": {
"interval": 3,
"frequency": "Month",
"timeZone": "Eastern Standard Time"
},
"evaluatedRecurrence": {
"interval": 3,
"frequency": "Month",
"timeZone": "Eastern Standard Time"
},
"type": "Recurrence"
}
},
"actions": {
"Get_secret": {
"runAfter": {},
"type": "ApiConnection",
"inputs": {
"host": {
"connection": {
"name": "@parameters('$connections')['keyvault']['connectionId']"
}
},
"method": "get",
"path": "/secrets/@{encodeURIComponent('canvas-token')}/value"
}
}
},
"outputs": {}
},
"parameters": {
"$connections": {
"value": {
"keyvault": {
"connectionId": "[resourceId('Microsoft.Web/connections', parameters('connections_keyvault_name'))]",
"connectionName": "keyvault",
"connectionProperties": {
"authentication": {
"type": "ManagedServiceIdentity"
}
},
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/keyvault')]"
}
}
}
}
}
}
]
}
Finally got it working .. the api connection should be:
{
"type": "Microsoft.Web/connections",
"apiVersion": "2016-06-01",
"name": "[parameters('connections_keyvault_name')]",
"location": "[resourceGroup().location]",
"kind": "V1",
"dependsOn": [
"[resourceId('Microsoft.KeyVault/vaults', parameters('vaults_kv_john_test_name'))]"
],
"properties": {
"displayName": "[parameters('connections_keyvault_name')]",
"connectionState": "Enabled",
"api": {
"name": "[parameters('connections_keyvault_name')]",
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/', parameters('connections_keyvault_name'))]",
"type": "Microsoft.Web/locations/managedApis"
},
"parameterValueSet": {
"name": "oauthMI",
"values": {
"vaultName": {
"value":
"[parameters('connections_keyvault_name')]"
}
}
}
}
}